← Netlock cases
Bugzilla #1891331
Delayed Revocation
NETLOCK: Policy Qualifiers other than id-qt-cps is included in TLS certificates - delayed revocation
RESOLVED
DUPLICATE
Netlock
AI Summary
NETLOCK faced a delayed revocation issue where certain TLS certificates were not revoked within the required timeframe following customer requests. The incident was linked to a failure in updating policy identifiers in compliance with the Baseline Requirements. Although NETLOCK initiated revocations, some customers, particularly those critical to the national economy, requested extensions due to their internal processes. The situation highlighted the need for improved monitoring and communication regarding certificate management. NETLOCK has since committed to enhancing its internal processes to prevent future delays.
Chronology
- NETLOCK notified of TLS certificate error.
- Revocations started.
- All misissued certificates not requested to be revoked were revoked.
- All related certificates have been revoked.
Participants
Tamás Horváth
Dorottya Vey
Ben Wilson
External References
Related Bugzilla IDs Mentioned
Similar Local Cases
NETLOCK: Bug 1891331 replacement - delayed revocation -
Telekom Security: Revocation delay for TLS certificates with basicConstraints not marked as critical
eMudhra emSign PKI Services: Delayed Revocation of SSL/TLS Certificates
Camerfirma: Delayed revocations related to Invalid authorityKeyIdentifier - recurrent incident
e-commerce monitoring GmbH: Delayed revocation
Microsec: Delayed revocation of the misissued certificates
SECOM: Delayed Revocation of non-technically constrained FUJIFILM Certificates
NetLock: Delayed revocation report connected to ticket 1680378